(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:tid) op: assign_op.Equal rhs: {(DQ <'multiple pubkey'>)} spids: [7] ) ] ) (C {<rm>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/authorized_keys_'> ($ Id.VSub_DollarName '$USER')} {($ Id.VSub_DollarName '$OBJ') <'/user_ca_key'> <Id.Lit_Star '*'>} {($ Id.VSub_DollarName '$OBJ') <'/user_key'> <Id.Lit_Star '*'>} ) (C {<rm>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/authorized_principals_'> ($ Id.VSub_DollarName '$USER')} {($ Id.VSub_DollarName '$OBJ') <'/cert_user_key'> <Id.Lit_Star '*'>} ) (C {<mv>} {($ Id.VSub_DollarName '$OBJ') <'/sshd_proxy'>} {($ Id.VSub_DollarName '$OBJ') <'/sshd_proxy.orig'>} ) (C {<mv>} {($ Id.VSub_DollarName '$OBJ') <'/ssh_proxy'>} {($ Id.VSub_DollarName '$OBJ') <'/ssh_proxy.orig'>} ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(${ Id.VSub_Name SSHKEYGEN)} {<-q>} {<-N>} {(SQ )} {<-t>} {<ed25519>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/user_ca_key'>} ) (C {<fatal>} {(DQ <'ssh-keygen failed'>)}) ] ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(${ Id.VSub_Name SSHKEYGEN)} {<-q>} {<-N>} {(SQ )} {<-t>} {<ed25519>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/user_key1'>} ) (C {<fatal>} {(DQ <'ssh-keygen failed'>)}) ] ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(${ Id.VSub_Name SSHKEYGEN)} {<-q>} {<-N>} {(SQ )} {<-t>} {<ed25519>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/user_key2'>} ) (C {<fatal>} {(DQ <'ssh-keygen failed'>)}) ] ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(${ Id.VSub_Name SSHKEYGEN)} {<-q>} {<-s>} {($ Id.VSub_DollarName '$OBJ') <'/user_ca_key'>} {<-I>} {(DQ <'regress user key for '> ($ Id.VSub_DollarName '$USER'))} {<-z>} {($ Id.VSub_Dollar '$$')} {<-n>} {(${ Id.VSub_Name USER) <Id.Lit_Comma ','> <mekmitasdigoat>} {($ Id.VSub_DollarName '$OBJ') <'/user_key1'>} ) (C {<fail>} {(DQ <'couldn\'t sign user_key1'>)}) ] ) (C {<mv>} {($ Id.VSub_DollarName '$OBJ') <'/user_key1-cert.pub'>} {($ Id.VSub_DollarName '$OBJ') <'/cert_user_key1.pub'>} ) (C {<cp>} {<-p>} {($ Id.VSub_DollarName '$OBJ') <'/user_key1'>} {($ Id.VSub_DollarName '$OBJ') <'/cert_user_key1'>} ) (command.Simple words: [{<grep>} {<-v>} {<IdentityFile>} {($ Id.VSub_DollarName '$OBJ') <'/ssh_proxy.orig'>}] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/ssh_proxy'>} ) ] do_fork: T ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:opts) op: assign_op.Equal rhs: { (DQ <'-oProtocol=2 -F '> ($ Id.VSub_DollarName '$OBJ') <'/ssh_proxy -oIdentitiesOnly=yes'> ) } spids: [239] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:opts) op: assign_op.Equal rhs: { (DQ ($ Id.VSub_DollarName '$opts') <' -i '> ($ Id.VSub_DollarName '$OBJ') <'/cert_user_key1 -i '> ($ Id.VSub_DollarName '$OBJ') <'/user_key1 -i '> ($ Id.VSub_DollarName '$OBJ') <'/user_key2'> ) } spids: [246] ) ] ) (command.ForEach iter_name: privsep iter_words: [{<no>} {<yes>}] do_arg_iter: F body: (command.DoGroup children: [ (command.Subshell child: (command.CommandList children: [ (C {<grep>} {<-v>} {(DQ <Protocol>)} {($ Id.VSub_DollarName '$OBJ') <'/sshd_proxy.orig'>} ) (C {<echo>} {(DQ <'Protocol 2'>)}) (C {<echo>} {(DQ <'UsePrivilegeSeparation '> ($ Id.VSub_DollarName '$privsep'))}) (C {<echo>} {(DQ <'AuthenticationMethods publickey,publickey'>)}) (C {<echo>} {(DQ <'TrustedUserCAKeys '> ($ Id.VSub_DollarName '$OBJ') <'/user_ca_key.pub'>)} ) (C {<echo>} { (DQ <'AuthorizedPrincipalsFile '> ($ Id.VSub_DollarName '$OBJ') <'/authorized_principals_%u'> ) } ) ] ) redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/sshd_proxy'>} ) ] ) (C {<rm>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/authorized_principals_'> ($ Id.VSub_DollarName '$USER') } ) (command.Simple words: [{<cat>} {($ Id.VSub_DollarName '$OBJ') <'/user_key1.pub'>}] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/authorized_keys_'> ($ Id.VSub_DollarName '$USER') } ) ] do_fork: T ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {(${ Id.VSub_Name SSH)} {($ Id.VSub_DollarName '$opts')} {<proxy>} {<true>}) (C {<fail>} {(DQ <'ssh succeeded with key'>)}) ] ) (command.Simple words: [{<echo>} {<mekmitasdigoat>}] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/authorized_principals_'> ($ Id.VSub_DollarName '$USER') } ) ] do_fork: T ) (command.Simple words: [{<cat>} {($ Id.VSub_DollarName '$OBJ') <'/user_key1.pub'>}] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/authorized_keys_'> ($ Id.VSub_DollarName '$USER') } ) ] do_fork: T ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {(${ Id.VSub_Name SSH)} {($ Id.VSub_DollarName '$opts')} {<proxy>} {<true>}) (C {<fail>} {(DQ <'ssh succeeded with key+cert'>)}) ] ) (C {<rm>} {<-f>} {($ Id.VSub_DollarName '$OBJ') <'/authorized_principals_'> ($ Id.VSub_DollarName '$USER') } ) (command.Simple words: [ {<cat>} {($ Id.VSub_DollarName '$OBJ') <'/user_key1.pub'>} {($ Id.VSub_DollarName '$OBJ') <'/user_key2.pub'>} ] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/authorized_keys_'> ($ Id.VSub_DollarName '$USER') } ) ] do_fork: T ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(${ Id.VSub_Name SSH)} {($ Id.VSub_DollarName '$opts')} {<proxy>} {<true>}) (C {<fail>} {(DQ <'ssh failed with multiple keys'>)}) ] ) (command.Simple words: [{<echo>} {<mekmitasdigoat>}] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/authorized_principals_'> ($ Id.VSub_DollarName '$USER') } ) ] do_fork: T ) (command.Simple words: [{<cat>} {($ Id.VSub_DollarName '$OBJ') <'/user_key2.pub'>}] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {($ Id.VSub_DollarName '$OBJ') <'/authorized_keys_'> ($ Id.VSub_DollarName '$USER') } ) ] do_fork: T ) (command.AndOr ops: [Id.Op_DPipe] children: [ (C {(${ Id.VSub_Name SSH)} {($ Id.VSub_DollarName '$opts')} {<proxy>} {<true>}) (C {<fail>} {(DQ <'ssh failed with key/cert'>)}) ] ) ] ) ) ] )